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Functional Leadership Plan 
Office of the Chief Information Officer 


l. Purpose 


This document sets forth the NASA Office of the Chief Information Officer 
Functional Leadership Plan. 


The Chief Information Officer (CIO), located in the Office of the Administrator, is 
the principal advisor to the Administrator and other senior officials on matters 
pertaining to Information Technology (IT). The Office of the CIO establishes 
policies for planning, acquiring, managing, and using IT to accomplish NASA’s 
missions and programs efficiently, effectively, safely, and securely. 


ll. Mission 


NASA seeks to make measurable improvements in mission performance, cost of 
program/project development and operations, and service delivery to the public 
through the strategic application of IT. The Office of the Chief Information Officer 
supports this activity by implementing IT procedures and guidelines that are 
aligned with NASA’s Strategic Plan and integrated with the process defined in the 
NASA Strategic Management Handbook. 


IT is addressed in the NASA Strategic Plan as part of the crosscutting process 
entitled “Manage Strategically.” The objective for IT stated in the current NASA 
Strategic Plan is: 
“To ensure information technology provides an open and secure exchange 
of information, is consistent with Agency technical architectures and 
standards, demonstrates a projected return on investment, reduces risk, 
and directly contributes to mission success.” 


lll. ClO Responsibilities 


The Information Technology Management Reform Act of 1996, also known as 
the Clinger-Cohen Act, outlined the processes that federal agencies should use 
to acquire IT resources and to manage IT investments. The Clinger-Cohen Act 
also required federal agencies to establish the position of Chief Information 
Officer (CIO.) The NASA CIO, as the Agency’s change agent for the Clinger- 
Cohen Act, must provide vision and leadership to ensure that: 


+ the Agency is making the right investments in IT, and 
<+ IT investments are managed in such a way as to ensure the Agency 
achieves an acceptable return on its investment. 
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In addition to the requirements of the Clinger-Cohen Act, the CIO's activities are 
driven by a number of other legislative and regulatory requirements, including the 
Paperwork Reduction Act, the Government Performance and Results Act 
(GPRA), and the Freedom of Information Act (FOIA). Most importantly, however, 
the CIO must take into account the specific needs of NASA and its scientific, 
engineering, and administrative activities in the IT planning, acquisition, and 
management process. 


The CIO has the following functional responsibilities: 


Leads the development of Agency-level IT policies, plans, standards, 
capabilities, and architectures; 

Assesses and improves existing IT initiatives; 

Reviews, evaluates, and provides recommendations on major IT 
investments to the Capital Investment Council; 

Develops IT performance metrics; 

Evaluates Agency progress and performance in achieving IT-related 
objectives; 

Implements a sound, integrated, and secure IT architecture; 

Assures that NASA’s workforce has the appropriate IT skills and 
knowledge to meet Agency objectives; 

Reports for the Agency to the Office of Management and Budget (OMB) 
and Congress on the impact of IT investments on programs; 

Provides leadership and oversight for other initiatives and programs 
related to IT and information services. 

In cooperation with the Critical Infrastructure Assurance Officer (CIAO), 
coordinates the efforts necessary to ensure the protection of the Agency’s 
cyber critical infrastructure assets. 


+ + + ++ $4 ++ + 


The NASA CIO is supported in these activities by an organizational framework 
that is integrated with the way the Agency implements its programs and projects. 
The IT Investment Council, comprised of senior management representing the 
Strategic Enterprises and key Agency functions, supports the CIO in establishing 
Agency-level IT policies, plans, and standards, and serves as a forum for 
addressing key policy and funding decisions for Agency IT resources. The CIO 
Board, composed of ClOs from the Strategic Enterprises and Centers, ensures 
the effective and efficient application of IT to support Agency missions. The IT 
Security Council, co-chaired by the Office of Management Systems, coordinates 
with the CIO on IT security matters including policy, standards, and resource 
issues. More detailed information on the roles and responsibilities related to the 
NASA CIO organizational framework may be found in NPG 2800. 
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IV. Functional Responsibilities 


The NASA Office of the Chief Information Officer’s functional responsibilities are 
aligned under four main focus areas. The NASA Office of the CIO provides 
leadership and strategic direction for the Agency’s IT planning and 
implementation processes in these areas. The focus areas are: 


1. Safety and security 
2. Cost-effective common infrastructure and services 


3. Innovative technology and practices 
4. Emerging IT areas 


Focus Area 1: Safety and Security 


We are committed to providing an exemplary IT security posture to 


protect the safety and integrity of NASA’s missions, programs, and 
projects, as well as the safety of our astronauts and pilots, the NASA 
and contractor workforce, and the national resources under our charge. 





Initiative: IT Security 
Goal: 


Establish the optimal Agency security posture on issues related to IT security, 
and ensure that NASA’s mission critical aerospace assets and systems are 
secure. 


Objectives: 


+ Achieve a trained workforce of users, managers, system 
administrators, and network administrators; (Government Performance 
and Results Act metric) 

Reduce system and application vulnerabilities; (GPRA metric) 

Improve intrusion monitoring, reporting, and response; 

Improve mechanisms for user authentication and data protection; 
Improve adherence to Agency IT security policy. 


o> >> 


Approach: 


The Office of the ClO coordinates with the Office of Management Systems to 
create and implement a comprehensive Agencywide IT security plan. The IT 
security plan addresses: 
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Metrics: 


<> 


<> 


<> 


Policies and procedures; 

Incident response and reporting; 

Education and training; 

Auditing and monitoring; 

Risk assessments; 

Penetration testing; 

Security plans; 

Technologies. (e.g., Public Key Infrastructure, Virtual Private Networks, 
Tokens/Smart Cards, etc.) 


Meet desired percentages of employees trained on security topics, 
including security awareness, system administration, and project 
management (e.g., 80 percent of employees trained on awareness by 
the end of FYO0); 

Reduction in ratio of number of computer system security 
vulnerabilities to number of computer systems; 

Ensure that 100 percent of “special management attention” systems 
have completed risk assessments and/or IT security plans; 

Ensure 100 percent deployment of Public Key Infrastructure. 


Initiative: Software Management 


Goal: 


Establish NASA engineering and management processes that enable safe and 
quality software. 


Objectives: 


<> 


++ ++ 


Improve the delivery of error tolerant, reliable, and reusable software 
that is on schedule and within cost; 

Define and implement metrics based software plan; 

Implement software engineering processes at all NASA Centers that 
are certified to Level 3 on the Capability Maturity Model (CMM); 
Develop a knowledge base of proven software engineering practices; 
Conduct and transfer fundamental software research that addresses: 
— High reliability and error tolerance; 

— Productivity increases; 

— Reusability of software and process; 

— Increased automation; 

— Emerging paradigms. 
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Approach: 


The Office of the ClO supports the Software Management initiative led by the 
Chief Engineer with additional participation by the Office of Safety and Mission 
Assurance. As part of the approach, a plan that addresses the following four 
areas of recommendations has been developed: 


+ Process improvement; 

+ Verification and validation; 
+ Software research; 

+ Software metrics. 


Metrics: 


A critical element of the initiative to improve software management is the 
implementation of key metrics to evaluate software quality. Examples of metrics 
that are being evaluated include the following: 


Cost (planned vs. actual); 

Schedule (planned vs. actual); 

Workforce (planned vs. actual); 

Requirements (percent change since baseline); 
Development(planned vs. actual); 

Testing (number of open/closed Discrepancy Reports). 


++++++ 


Focus Area 2: Cost Effective Common Infrastructure and Services 


We strive to provide common infrastructure and services to avoid 


infrastructure duplication, maximize common service efficiencies, and 
promote interoperability. Our strategies in doing this are enabling, 
effective, efficient, and consistent with the Agencywide technical 


muanlita ntk ua 





Initiative: Architecture & Standards 
Goal: 


Deliver an Agencywide IT environment that is secure, yet open, reliable, and 
interoperable. 


Objectives: 


<+ Leverage technologies and practices to meet NASA challenges and 
goals; 


Responsible Office: Code AO 
Subject: Functional Leadership Plan 


+ Provide a basis for value-added IT investment decision making and 
prioritization; 
+ Promote effective transfer of innovative technologies. 


Approach: 


+ Principal Centers, designated by the Chief Information Officer to 
provide technical expertise on IT issues, propose architecture and 
standards to meet Agency requirements; 

+ Federated approach to approve and execute architecture and 
standards. 


Metrics: 


Metrics for the Architecture and Standards initiative are currently under 
development. 


Initiative: Agencywide Services and Solutions 
Goal: 


Improve cost effectiveness and operating efficiency of Agency IT solutions and 
services. 


Objectives: 


+ Implement management controls and performance measures to 
ensure appropriate administration of common IT and service elements; 

+ Ensure compliance with policy and regulatory requirements related to 
the provision of IT or information services. 


Approach: 


For these Agencywide services and solutions, responsibility for the program 
implementation is delegated to a Lead Center or Expert Center via a 
Memorandum of Understanding. The Office of the Chief Information Officer 
utilizes an oversight and review process to ensure that the activity adheres to 
quarterly performance metrics. Summaries of key Agencywide initiatives and 
services follow. 


Wide Area Networks 


The NASA Integrated Services Network (NISN) is NASA's wide area 
telecommunications network/service and is managed by the Space 
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Operations Management Office. The mission of the NISN is to provide 
cost-effective wide area network telecommunications services for 
transmission of data, video and voice for all NASA Enterprises, Programs 
and Centers, utilizing commercial resources wherever possible. 


Consolidated Mainframes 


The NASA Automated Data Processing (ADP) Consolidation Center 
(NACC) maintains and operates mainframe systems that support 
administrative processing requirements for the NASA Centers. The 
processes and procedures governing the NACC are structured to ensure 
maximum reliability, availability, and serviceability to the user community. 


Desktop 


The Outsourcing Desktop Initiative for NASA (ODIN) program is an 
outsourced arrangement that delivers comprehensive desktop computer, 
server, and intra-center communications services to NASA employees and 
contractors. 


Scientific and Technical Information 


The Scientific and Technical Information (STI) Program supports the 
Agency's missions to communicate scientific knowledge and 
understanding and transfer NASA's research and development information 
to the aerospace and academic communities. 


Records Management 


NASA’s Records Management program ensures that the Agency’s current 
records are available for use, significant records are preserved for our 
nation’s history, and all other records are disposed of properly and legally. 


High End Computing 


NASA's High End Computing program examines how to best provide for 
the high-end computing needs of its engineering and science missions, 
programs, and projects. 


Integrated Financial Management Program 


The Integrated Financial Management Program (IFMP), managed by the 
NASA Office of the Chief Financial Officer, will provide NASA with a 
modern, leading edge business system that will promote the 
standardization and integration of business processes and systems across 
the Agency. 
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Printing Management 


The mission of NASA’s Printing Management program is to maintain 
effective and efficient printing, duplicating, and copying management in 
support of NASA projects, programs, and overall management activities. 


Forms and Mail Management 


The NASA Forms and Mail Management program provides Agencywide 
administration of the forms and mail management processes, 
recommends and develops policy, and implements guidance and 
procedures related to forms and mail management. 


Information Collection Budget 


The Information Collection Budget (ICB) is the vehicle through which the 
Office of Management and Budget, in consultation with the Agency, sets 
“annual Agency goals to reduce information collection burdens imposed 

on the public.” NASA’s ICB summarizes agency accomplishments in the 
prior fiscal year and describes Agency goals for the following year. 


Metrics: 

Specific metrics vary according to the initiative, and some of the initiatives have 
metrics currently under development. However, there are two common metrics 
used to assess all Agencywide services and solutions that are in operational 
status: 


+ Cost of service or solution; 
+ Customer satisfaction measurements. 


Focus Area 3: Innovative Technology and Practices 


We will leverage innovative technology and practices to meet NASA 
challenges and revolutionize the way the Agency does business. 





Initiative: Knowledge Management (KM) 
Goal: 


Enhance corporate capability to manage information and communicate 
knowledge. 
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Objectives: 


+ Benchmark the state of the art in knowledge management (KM); 

+ Identify NASA’s current implementation of KM processes, tools, 
capabilities, structures, and resources; 

+ Define opportunities for applying KM for near-term challenges; 

+ Define a strategic plan for meeting long-term Agencywide KM 
requirements. 


Approach: 


The KM initiative is led by an Agencywide, multi-disciplinary team, which is 
chartered by the Office of the Chief Information Officer. The team will: 


+ Formulate requirements, opportunities, and strategies related to KM at 
NASA; 

+ Use pilot activities to demonstrate the capabilities and value of KM 
technologies; 

+. Work toward the development of a federated Knowledge Architecture. 


Metrics: 


+ Measure percentages of employees trained, mainstreamed services 
provided (e.g., document management systems, authoring tools, 
expert directories), and strategic tools used; 

+ Demonstrate ownership, sharing and reuse of information; measure 
output of incentives and rewards for knowledge use; 

+ Increase number of knowledge access methods, building blocks, 
standards, and service bases used in knowledge architecture; 

+ Show increase in amount of knowledge resources, repositories, 
content, context, and directories. 


Initiative: IT Workforce Challenge 
Goal: 
Ensure that the NASA workforce has the necessary IT knowledge and skills. 
Objectives: 
+ Benchmark the state of NASA’s workforce with respect to IT; 
+ Develop mechanisms for improving the IT skills of NASA employees; 


+ Develop an IT career development model along the lines of NASA’s 
Chief Financial Officer model; 
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+ Improve the Agency’s retention and recruitment of IT professionals 


where problems exist. 


Approach: 


The IT Workforce Challenge initiative is led by an Agencywide, collaborative 
team, chartered by the Office of the Chief Information Officer. The team will: 


+> 
<> 


<> 


Metrics: 
<> 
<> 


<> 


Assess the current state of NASA’s workforce with respect to IT issues; 
Define requirements, opportunities, best practices, and strategies for IT 
workforce management; 

Ensure the creation of an IT Program Operating Plan focus area to 
support new hiring authority allowances. 


Ensure appropriate levels of training in IT security for general 
employee workforce, system administrators, and project managers. 
Measure the effectiveness of NASA’s participation in the Office of 
Personnel Management’s IT Professional Pilot. 

Measure the effectiveness of Web-based IT training pilots. 


Initiative: Information Technolo IT) Research and Development 


Goal: 


Optimize the insertion of innovative and proven technologies and capabilities into 
the NASA infrastructure. 


Approach: 


<> 


Metrics: 


The IT Research and Development initiative uses an architecture- 
focused, collaborative approach that builds on previous investments, 
current infrastructures, and new technologies. This approach involves 
collaboration with NASA’s research and development programs to 
facilitate the insertion of proven capabilities into the operational 
infrastructure. Pilot activities highlighting promising technologies (e.g., 
nanotechnology, intelligent systems, and biotechnology) and industry 
solutions will be utilized when possible. 


Metrics for the IT Research and Development initiative are currently under 
development. 
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Focus Area 4: Emerging IT Areas 


We will keep abreast of current developments in information technology 


and, when appropriate, apply new procedures and tools to improve 
NASA’s key business processes. 





Initiative: e-NASA 
Goal: 


Promote end-to-end, electronic service delivery and business processes for 
NASA’s customers, partners, and employees. 


Objectives: 


+ Examine industry and government best practices in electronic 
commerce and electronic government; 

+ Enable use of electronic services to assist in workflow, communication, 
and learning processes for NASA employees, business partners, and 
customers. 


Approach: 


The Office of the Chief Information Officer, in collaboration with the Office of 
Procurement, will lead the establishment of an e-NASA initiative to look at the 
application of electronic commerce principles and processes to the Agency. The 
team will: 


+ Assess the application of industry proven electronic business initiatives 
which have demonstrated return on investment (ROI) for their 
organizations; 

<+ Establish flexible priorities for moving to the digital arena, and weigh 
the benefits of near-term versus long-term deployment of e- 
government for NASA; 

+ Measure success by demonstrating productivity enhancements and 
overall value added as a result of the e-NASA initiative. 


11 


Responsible Office: Code AO 
Subject: Functional Leadership Plan 


Metrics: 


Metrics for this initiative are currently in the definition stage, and will be refined 
based on the analysis of the e-NASA team. Examples of possible “gold 
standard” performance goals include 100 percent: 


+ Use of e-purchase cards Agencywide; 
+ Use of e-travel services; 

+ Use of e-grants; 

+ Availability of e-catalogs. 
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